Purpose
Permissions in NHS At Work control the actions a user can take. These can be assigned or denied to each user, together with specific rosters or roster groups. Permissions can also be added to a ‘role’ to simplify the assignment of commonly grouped permissions to users. Each user can be assigned more than one role.
This guide walks through each step for reviewing access, creating roles and managing permissions, split into the following sections:
Managing Users and Roles
To get started, navigate to ‘Administration’, then ‘Users’, and then to ‘Manage Users and Roles’.
- User Account List - User accounts are listed by default in alphabetical order by surname. They can also be sorted by ‘First Name’, ‘Email’ and ’Imported’ by clicking on the column title.
- Last logged in – Shows the date and time the user last logged in using their account. This could be via the desktop or via the mobile app.
- Search - Typing the first three letters will start searching for a name. It’s recommended to only type first name OR surname.
- User Actions Menu - Click the ellipsis to access the following:
- Edit User - Allows the ‘Details’, ‘Role’ or ‘Permissions’ to be edited.
- Copy Access - Enables a role and permissions to be copied to another staff member.
- Resend Account Confirmation - can be used when a user has not confirmed their account within 24 hours of their account creation. (Note – If a user has confirmed their user account this action will not appear).
Creating a New Role
NHS At Work will be populated with the core roles and suggested permissions for essential rostering and rota processes. Trust superusers will by default have the ability to create additional roles and edit permissions as per the organisation’s requirements. These permissions may be given by superusers to others, if appropriate.
Top Tip! It is best practice to keep the number of role as low as possible to keep user access management simple. If a user requires just slightly different access to an existing role, it is possible to adjust their individual permissions (See the ‘editing a user’s access’ section).
- Navigate to ‘Administration’, ‘Users’, and then the ‘Roles & Permissions’ tab.
- Click the green ‘+’ icon in the top-right corner to open ‘Add Role’ form.
- Complete the Role Name, tick the permissions to assign to that role, then click ‘Save’.
Top Tip! You can edit permissions at any point by selecting the ‘pencil’ icon .
Editing a User’s Access
It is possible to add / deny individual permissions within a user’s assigned roles.
- From the User Actions menu, select ‘Edit User’ to check the permissions associated with the role.
- Optional: Use the search bar to view a list of permissions including a key word e.g. ‘Unavailability’.
- Tick the permissions to be assigned and choose the ‘Roster Group’ and / or ‘Rosters’ the permission applies to from the dropdown menu at the end of the line.
Top Tip!’ If a user requires a permission across all rosters, both current and future, for most permissions you can simply leave the ‘Roster Group’ and ‘Roster’ fields blank. See ‘Permission Exceptions’ section, below, for more information.
- To exclude specific permissions from a user, use the ‘Denied Permissions’ tab, tick the permissions to be assigned and choose the ‘Roster Group’ and / or ‘Rosters’ the permission applies to.
- Click ‘Save’.
Permission Exceptions
There are a small number of permissions that require a specific roster or roster group to be selected when they are added at the permission level, and not as part of a role. This is to ensure they are consciously and carefully controlled.
When an exceptional permission is added to a user, messages will appear to inform the superuser, as below. In this case, you will need to select the relevant roster/s or roster group/s from the dropdown menus to the right of the permission.
At the bottom of the screen:
At the top of the screen:
Version 2.0 - Approved 18/12/2025